From: Hanno B. <ha...@hb...> - 2016-12-20 14:20:42
Hi,
Attached file will cause a heap buffer overread. Can be seen with
address sanitizer, found with afl.
This is the last one for now.
ASAN stack trace:
==27900==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d00000cff6 at pc 0x000000540eec bp 0x7ffe5a4af5b0 sp 0x7ffe5a4af5a8
READ of size 1 at 0x60d00000cff6 thread T0
    #0 0x540eeb in read_new_config_info /mnt/ram/wavpack-5.0.0/src/open_utils.c:573:45
    #1 0x540eeb in process_metadata /mnt/ram/wavpack-5.0.0/src/open_utils.c:736
    #2 0x53d28e in unpack_init /mnt/ram/wavpack-5.0.0/src/open_utils.c:318:14
    #3 0x537bad in WavpackOpenFileInputEx64 /mnt/ram/wavpack-5.0.0/src/open_utils.c:173:33
    #4 0x541a46 in WavpackOpenFileInput /mnt/ram/wavpack-5.0.0/src/open_filename.c:258:12
    #5 0x5064fa in unpack_file /mnt/ram/wavpack-5.0.0/cli/wvunpack.c:1053:11
    #6 0x5051d8 in main /mnt/ram/wavpack-5.0.0/cli/wvunpack.c:769:22
    #7 0x7f7a6f5f0690 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #8 0x4198f8 in _start (/mnt/ram/wavpack-5.0.0/cli/wvunpack+0x4198f8)

0x60d00000cff6 is located 0 bytes to the right of 134-byte region [0x60d00000cf70,0x60d00000cff6)
allocated by thread T0 here:
    #0 0x4c9d68 in __interceptor_malloc (/mnt/ram/wavpack-5.0.0/cli/wvunpack+0x4c9d68)
    #1 0x5371b8 in WavpackOpenFileInputEx64 /mnt/ram/wavpack-5.0.0/src/open_utils.c:111:26
    #2 0x541a46 in WavpackOpenFileInput /mnt/ram/wavpack-5.0.0/src/open_filename.c:258:12
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hb...
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42